Application Security Engineer
Company | Genworth Financial |
---|---|
Location | Lynchburg, VA, USA; Richmond, VA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior |
Requirements
- Computer Science or similar degree
- Experience using vulnerability scanning technologies, AST platforms, and cloud security tooling
- Formal experience with threat modeling
- Experience leading projects, initiatives, and resources through direct and indirect leadership
- Deep knowledge of assessing and prioritizing risk, with an ability to think like a bad actor and use that context to conduct threat models
- Cloud experience (AWS, Azure, GCP)
- Infrastructure as Code (IaaC) and Policy as Code (PaC) concepts
- Experience implementing secure Software Development Lifecycle programs
Responsibilities
- Manage and support application vulnerability scanning technologies, AST platforms, and cloud security tooling
- Collaborate with business stakeholders to design secure applications, test applications for security weaknesses, and partner on remediation of identified issues
- Work with key stakeholders to identify, respond to, and remediate information security issues
- Coordinate the orchestration, automation, and management of security technologies and platforms
- Support day-to-day life cycle management, including identification, threat assessment, threat modeling and risk avoidance
- Create reasonable and actionable reports showing direct impact to the security posture
- Define and implement meaningful metrics to measure the effectiveness of security controls through Key Risk Indicators (KRIs) and security scorecards
- Serve as a subject-matter expert for Application Security; act as a key point of contact for critical issues, security risk assessments, and triaging CI/CD issues with partners and stakeholders
- Evaluate business and technical requirements to identify and implement tools, processes, and technologies to improve our security posture in our environments
- Ensure the continuous improvement of existing compliance processes
Preferred Qualifications
- Familiarity with technical security controls, guidelines, and frameworks outlined by standards such as SOC2, ISO 27001, NIST 800-53
- Ability to automate tasks and code solutions to repetitive problems
- Scripting or programming experience (Java, .NET, HTML, Ruby, PHP, Perl, C#, Python, JavaScript, PowerShell, Bash)
- Experience with penetration testing and web application assessment
- Experience assessing software compliance with HIPAA, PHI, PII and PCI regulations